Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/V1aZ2Oir-YcaB5W8puap9OnyFPQ.roa
File:                     V1aZ2Oir-YcaB5W8puap9OnyFPQ.roa (raw, json)
Hash identifier:          XdFwxTjLyYZVnoi+MEQpeRDm1NgmqNfkbqmwpKoG77E=
Subject key identifier:   57:56:99:D8:E8:AB:F9:87:1A:07:95:BC:A6:E6:A9:F4:E9:F2:14:F4
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0196A602E7A481327973E1BDB6FF8D33F084
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/V1aZ2Oir-YcaB5W8puap9OnyFPQ.roa
Signing time:             Tue 06 May 2025 14:32:10 +0000
ROA not before:           Tue 06 May 2025 14:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        2a0e:8546::/32 maxlen: 32
                          2a0f:bb04::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:02:e7:a4:81:32:79:73:e1:bd:b6:ff:8d:33:f0:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: May  6 14:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=575699d8e8abf9871a0795bca6e6a9f4e9f214f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:c0:51:ca:c3:10:6c:80:bb:82:ca:5c:0e:
                    ba:4f:7b:0f:fb:d1:28:32:f3:84:4f:f2:05:ee:c0:
                    c5:52:cc:e2:e6:96:ba:f8:47:39:bd:33:da:23:a0:
                    9f:6c:98:9a:f4:8c:6f:18:31:cd:ba:31:d1:ec:49:
                    ee:cf:17:2f:fd:11:4e:16:8f:57:d3:30:15:d4:4a:
                    bf:50:ac:33:a8:f4:b8:e5:4b:70:5b:0f:01:b9:1b:
                    ce:3b:86:7a:a1:76:ca:80:ac:d6:a7:ea:c0:84:f8:
                    7c:ac:13:97:c3:1c:41:f5:2e:82:d3:68:ff:8a:f1:
                    ac:5b:ba:e0:63:01:5d:3c:61:6c:24:1c:25:b1:65:
                    77:84:60:d5:65:24:c1:03:db:59:9e:cf:2f:a7:c0:
                    48:3d:ba:10:85:82:7c:1e:5a:54:72:c6:6c:67:5f:
                    dd:eb:22:1e:cd:0f:fa:e4:20:84:66:82:7f:d8:23:
                    5b:d6:f0:f4:34:10:f0:de:57:ef:a8:23:bd:6b:c0:
                    2a:f7:09:7e:48:c5:70:67:a0:8d:fe:79:89:6e:38:
                    5d:60:3e:9f:aa:31:20:29:9e:26:e8:a6:4c:1d:04:
                    f0:4e:ad:48:95:7c:0a:03:3b:21:db:aa:80:9f:6a:
                    d7:77:17:c6:09:b8:7f:55:7c:26:68:87:21:1e:03:
                    df:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:56:99:D8:E8:AB:F9:87:1A:07:95:BC:A6:E6:A9:F4:E9:F2:14:F4
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/V1aZ2Oir-YcaB5W8puap9OnyFPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8546::/32
                  2a0f:bb04::/32

    Signature Algorithm: sha256WithRSAEncryption
         d9:ba:f7:31:d6:c0:f3:b6:98:33:1a:2d:23:ef:34:71:8d:02:
         fd:9c:de:b5:ad:04:39:ca:8e:92:ae:c2:97:8e:43:ce:62:24:
         0a:70:86:6f:4d:50:47:3e:fe:0a:b1:30:e7:98:1a:3d:4e:3b:
         58:6a:aa:d9:9f:1d:53:9b:e1:25:2e:d4:4a:88:50:7c:92:f1:
         08:ec:2f:8b:04:d2:02:c6:7d:2d:34:c4:29:72:48:ff:6c:b3:
         b8:fc:a1:b0:b9:0b:5c:2c:87:6f:75:e7:f8:84:df:3f:a5:30:
         07:f9:0f:76:6b:b7:eb:97:fb:7e:a5:78:91:9f:8f:3b:56:34:
         e0:2e:33:80:5d:22:14:5e:ea:d4:4e:23:3d:74:0d:7a:ee:63:
         8a:74:1e:9e:3f:3f:4b:0b:ad:b6:d4:4f:1d:c9:81:34:a2:51:
         49:b2:16:fe:d9:79:93:ff:19:84:a7:3e:5a:e1:27:64:f9:8c:
         65:72:df:17:fa:93:25:c1:59:00:82:2b:b7:da:50:bc:2f:f4:
         9e:cb:b1:2f:92:46:e0:f5:a0:bc:16:1a:c1:22:c8:d9:f6:80:
         2f:2d:3e:98:10:bd:0a:23:63:8c:65:55:7f:22:16:0e:9f:7a:
         16:56:0d:e1:2f:51:71:67:33:44:a9:28:e1:d6:d6:7e:77:f3:
         c1:ad:7f:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZamAuekgTJ5c+G9tv+NM/CEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNTA2MTQzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzU2OTlkOGU4YWJmOTg3MWEwNzk1YmNhNmU2YTlmNGU5ZjIxNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteLAUcrDEGyAu4LKXA66T3sP+9Eo
MvOET/IF7sDFUszi5pa6+Ec5vTPaI6CfbJia9IxvGDHNujHR7Enuzxcv/RFOFo9X
0zAV1Eq/UKwzqPS45UtwWw8BuRvOO4Z6oXbKgKzWp+rAhPh8rBOXwxxB9S6C02j/
ivGsW7rgYwFdPGFsJBwlsWV3hGDVZSTBA9tZns8vp8BIPboQhYJ8HlpUcsZsZ1/d
6yIezQ/65CCEZoJ/2CNb1vD0NBDw3lfvqCO9a8Aq9wl+SMVwZ6CN/nmJbjhdYD6f
qjEgKZ4m6KZMHQTwTq1IlXwKAzsh26qAn2rXdxfGCbh/VXwmaIchHgPf6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFdWmdjoq/mHGgeVvKbmqfTp8hT0MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvVjFhWjJPaXItWWNhQjVXOHB1YXA5T255RlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg6FRgMF
ACoPuwQwDQYJKoZIhvcNAQELBQADggEBANm69zHWwPO2mDMaLSPvNHGNAv2c3rWt
BDnKjpKuwpeOQ85iJApwhm9NUEc+/gqxMOeYGj1OO1hqqtmfHVOb4SUu1EqIUHyS
8QjsL4sE0gLGfS00xClySP9ss7j8obC5C1wsh2915/iE3z+lMAf5D3Zrt+uX+36l
eJGfjztWNOAuM4BdIhRe6tROIz10DXruY4p0Hp4/P0sLrbbUTx3JgTSiUUmyFv7Z
eZP/GYSnPlrhJ2T5jGVy3xf6kyXBWQCCK7faULwv9J7LsS+SRuD1oLwWGsEiyNn2
gC8tPpgQvQojY4xlVX8iFg6fehZWDeEvUXFnM0SpKOHW1n5388Gtf/w=
-----END CERTIFICATE-----